[LINK] SMH Blurb tries to help ailing biometrics industry - 2
Roger Clarke
Roger.Clarke at xamax.com.au
Wed Feb 20 09:04:53 AEDT 2008
[This email contains comments on an article in the SMH/Age Next
section: Born-again biometrics
February 19, 2008
http://www.smh.com.au/news/technology/bornagain-biometrics/2008/02/18/1203190738826.html?page=fullpage#contentSwap1
[It's 1-day-old news, because I had to let my blood cool down
overnight to make sure the comments were merely critical and not
intemperate.]
The extent of the skulduggery that the biometrics industry has been
allowed to get away with in this one story is simply astounding. The
reporter should hang their head in shame.
Here are some devices used in the article:
1. "Half a decade before the twin towers fell in New York, ..."
(a) uses a portentous alternative to "In 1996, ..."
(b) unjustifiably links something to something important, in the
hope that it will gain some reflected glory
2. " ... PhD exploring how computers and biometrics could be used to
detect terrorists at airports"
I've not read that PhD thesis, but there's a fair chance that it
related to detecting people for whom both of the following were true:
(1) the person's biometrics were recorded
(2) the person's status as a terrorist was known
Neither was true in respect of any of the 19 who committed the
attacks on the Twin Towers and Washington DC.
The close relationship suggested in the text is completely spurious.
Catching 'virgin terrorists' by means of biometric schemes is
downright impossible, and the industry is culpable for pretending
that they can deliver solutions to that problem.
3. "Biometrics involves capturing information about something unique
to an individual - their voice, face, ..."
Neither voice nor face are unique to an individual.
There is a great deal of variability of performance of an individual's
voice, and appearance of a person's face. The range of each voice
and face overlap substantially with those of many other people's
faces and voices.
Much the same is true of biometrics generally, although with biometrics
that are based on a unique physical feature, the reasons have less to
do with variation of the physical characteristics and more to do with
the wide range of technical and operational challenges involved in
taking measurements.
4. "If it matches the information captured about that biometric,
in they go"
For the reasons outlined in 3. immediately above, all comparisons
between biometrics are fuzzy, or to put it another way, no two
measurements of the same physical feature are ever the same.
It's seriously misleading to ever use a strong word like 'match'
in relation to biometrics, without some form of qualifier. The
comparison process is non-trivial, and of necessity makes mistakes.
All biometric schemes involve substantial false-positive and
false-negative results. How they are balanced in important.
And the business processes to handle them are crucial.
Many seemingly attractive applications simply don't work, because the
financial and other costs of handling the flood of exceptions is
simply far too high. Many of those seemingly attractive applications
will *never* work, because the error-rates and resultant costs will
*always* be too high.
5. "This was supposed to be the year that biometrics hit its straps;
the year Australia phased in a biometric access card ..."
The Access Card *Register* was to include a high-resolution copy
of the card-holder's photo, and a 'biometric template' derived from it.
But the *Card* was *not* to hold either of them:
http://www.privacy.org.au/Campaigns/ID_cards/HSAC-GovDocs-Data.html#DataonChip
So the biometrics industry is in the process of creating the lie
that the card would have been a biometric card.
(And of course face is not a proper biometric, and the suggestion that
it can be used for identification purposes is a complete furphy).
6. "[Ludwig] has carefully left the door open for possible future
projects ..."
What Ludwig was actually reported as saying on 13 Feb 08 was:
http://news.theage.com.au/access-card-funds-go-to-health-schools/20080213-1s11.html
"We are focused on the practical things that will make a real
difference, like online services, the coordination between agencies,
data matching and data sharing, that's what the Rudd Labor government
will focus on, RATHER THAN A CARD," he said. [Emphasis added here]
So even a replacement Medicare Card is far from a certainty.
The pretence that a 'biometric card' is in the air is a self-serving
invention of biometrics industry spruikers.
7. [Ludwig said] "any proposals that I bring forward will not rest their
hopes on a magic card to solve all the Government's problems."
[Reporter said] Given that biometrics involves little or no magic,
it seems a safe promise to make.
Ludwig is wary of a 'magic card', yet the reporter switches the
sense of the statement across to 'no magic necessary in biometrics'.
The reporter has now swallowed four myths perpetrated by the industry:
(1) biometrics identify terrorists
(2) face is a biometric
(3) the Access Card would have been a biometric card
(4) biometrics doesn't rely on magic
8. "For some of the companies that had won roles on the project,
it's been a costly political debate ... [KPMG] ... [BAH] ..."
This is beside the point. KPMG and Booz got paid. They would
have made even more money, that's true, but they didn't lose
anything other than opportunity. It was the tenderers for the big
supply jobs that lost, because they'd spent literally millions on
the preparation of tenders that were never let.
The suggestion that it was a 'political debate' is misleading.
The Access Card scheme collapsed because it was shown to be
seriously inappropriate in a variety of ways. See:
http://www.privacy.org.au/Campaigns/ID_cards/HSAC.html
http://www.privacy.org.au/Campaigns/ID_cards/HSAC-Media-07.html
A key step in the process was a Senate Committee whose Government
members had the intestinal fortitude to say so. So it was 'political'
only in the sense that the assessment was undertaken by politicians
(and was well-undertaken, which is regrettably uncommon). It wasn't
a 'political debate' in the pejorative sense of 'party-political'.
9. "Research from the University of Texas comparing human and machine
face recognition has shown that when the performance of seven
different face-matching algorithms was pitched against the
performance of humans matching faces, a handful of the algorithms
consistently outperformed the humans."
The standard of acceptability seems to have slipped, rather a lot.
How many mega-millions did we want to pay, for a scheme that, under
laboratory testing conditions, is marginally better than what we've
got now, and that, under operational conditions, may well be rather
worse?
And this is the *easy* part - 1-to-1 authentication of an assertion
of identity. That's far, far away from the 1-to-many identification
challenge that headlined the article ("detect terrorists at airports")
10. "The Government continues to trial the SmartGate facial
recognition-based border control system".
"The pilot ... started in late 2002 ..."
http://www.anu.edu.au/people/Roger.Clarke/DV/SmartGate.html (Aug '03)
Wouldn't the fact that it's still on trial after more than 5 years
suggest something? (Maybe those two pesky Japanese gentlemen are
still around, waiting to give the scheme more bad press).
A pseudo-evaluation in 2004 did the taxpayer a serious disservice
by pretending that all was well, when it wasn't:
http://www.anu.edu.au/people/Roger.Clarke/DV/SmartGate040207.html
Customs CIO Murray Harrison admitted in March 2006 that "Smartgate
doesn't enhance security. It helps flow and efficiency in the limited
space available in airports".
11. "The system has operated since July and [the CEO] expects it will
deliver annual payroll savings of about $600,000".
The amabiguous use of "the system" is yet another piece of
misinformation. It actually refers to a payroll system, but is
used as though it referred to a biometric element within the system.
Re-insourcing and installing a payroll "system" can save you a lot
of money when your business processes are as crippled as that
company's appear to have been. Biometrics has got precious little
to do with such outcomes.
--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
More information about the Link
mailing list